As T-REX reported, Solana's network on August 3rd encountered a serious security incident that resulted in approximately 8,000 wallets being compromised and withdrawn. Because hackers don't attack smart contract of any project, so the vulnerability is identified to come from an affected wallet project, which includes Phantom, Slope and Trust Wallet.
After a period of gathering information from affected users to identify common ground, Solana determined the cause of the attack originated from the Slope wallet.
After an investigation by developers, ecosystem teams, and security auditors, it appears affected addresses were at one point created, imported, or used in Slope mobile wallet applications. 1/2— Solana Status (@SolanaStatus) August 3, 2022
This exploit was isolated to one wallet on Solana, and hardware wallets used by Slope remain secure.— Solana Status (@SolanaStatus) August 3, 2022
While the details of exactly how this occurred are still under investigation, but private key information was inadvertently transmitted to an application monitoring service. 2/3
“Following investigation by developers and security experts in the ecosystem, it appears that the affected addresses at some point created, imported, and used wallet-related applications. crypto Slope.
This vulnerability affects only one Solana wallet, and Slope's other hardware wallets remain secure. While the exact cause is still being determined, the private key information may have been accidentally passed on to an application monitoring service.
There is no evidence that the Solana protocol or its cryptographic aspects have been compromised.”
A representative for Slope wallets also shared information on what happened, admitting that a group of Slope wallets were affected in the attack and that they are likely the source. Slope also advises users that please create a new wallet and transfer your assets there, don't reuse the old wallet or the old seed phrase.
See below for our official statement on the breach situation (now posted to our Medium).— Slope (@slope_finance) August 3, 2022
We empathize with everyone affected, and are doing our best to solve and rectify the situation.https://t.co/E9xrKbdLOy
Many users cryptocurrency, from the disclosures of Solana and Slope, tried to trace the attack and found that Slope had inadvertently sent seed phrases to 3rd party partners.
After finding the cause, CEO FTX Sam Bankman-Fried commented that Solana is currently the most underrated crypto project at the moment, comparing the damage of the recent crash (about 6 million USD) to the bridge attack. The $190 million Nomad cross-chain took place 1 day earlier.
this is a good example of how something can be under-rated— SBF (@SBF_FTX) August 3, 2022
a random dAPP gets compromised and it's blamed on the underlying blockchain. (To be clear, no core or internal infra had any issues! It was just a single third-party application some people used...)
in other news… https://t.co/je6r9v4jmj pic.twitter.com/bMJHRULgJB
“This is an example of how something can be looked down upon.
One dApp someone is infiltrated and all the sins are brought to the head blockchain communication. To be clear, none of Solana's infrastructure has had issues, it's all because of a third-party app that some people used.
In a related development…”
Price SOL, though, has yet to show any signs of recovering from yesterday's dump because of rumors that the vulnerability could spread to the entire network.
At the beginning of June, the Solana network also experienced an issue that resulted in a blockchain outage lasting more than 4 hours. That was the 4th time Solana "collapsed" in 2022 alone.